Log4Shell & Active Directory: The Five Routes To Domain Dominance

Log4Shell & Active Directory: The Five Routes To Domain Dominance

Whilst much has been written about Log4j and the potential impact to the applications that rely on the now infamous java library, little has been said about how attackers could leverage the flaw to gain control of your domain at the highest levels of privilege. For the purpose of this article, we will assume that you are familiar with Active Directory and that you understand its strategic position for information systems. We will discuss five major situations in which Log4Shell allow attackers to achieve complete domain domination over your Active Directory infrastructure. These five situations are not exhaustive and, beyond any doubt, there are many other compromise paths using similar concepts.

    Get your free copy now!

    I would like to receive marketing communications from Tenable regarding its products and services. You may opt-out of receiving our emails at any time by following the opt-out instructions included in the footer of the emails delivered to you or by visiting

    Tenable's Subscription Center. You acknowledge that Tenable, our affiliates, and the third parties (as applicable) listed in our Privacy Policy may transfer your personal data outside of the European Economic Area ("EEA") in order to deliver marketing communications to you, and that countries outside of the EEA may not require the equivalent level of protection of your personal data. Tenable will only process your personal data as described in our Privacy Policy.

    Leave a Reply